How to secure your WordPress site

The security of your WordPress site is one of the most important things to manage when you put your website online. Here is a list of good practices to protect it from hacking as much as possible.

A security plugin

Installing a WordPress security plugin is highly recommended. It will correct WordPress security breaches, regularly scan your website for viruses or malware, and block people or robots trying to break into your admin area. Several plugins, all paid, stand out; here are a couple I recommend.

Wordfence
Sucuri

Keep your theme and plugins up to date

Best practice is to always keep WordPress themes and plugins up to date. This limits access to your site by outsiders, which is often due to old security vulnerabilities.

It is important to check the compatibility between different plugins and the theme after updates.

Back up your site and database in several places

For optimal security, it is very important to make several backups of your WordPress website, as well as its database, in several different places. Hosting companies do provide backups depending on the package.

A strong password

I strongly recommend that you use a strong password, for example one containing characters such as # @ % $ * !. Given the resurgence of attacks carried out automatically by robots, this makes their task more difficult.

There are apps that will remember your passwords, but if you want a free solution without extra software, your browser (Firefox, for example) does that very well.

Two-step authentication

A good way to strongly secure access to the administration panel of your WordPress site is to use two-step authentication, which involves asking for confirmation on your mobile phone after you enter your login and password. After installing a 2FA application like Google Authenticator, you enter the code displayed on your smartphone.

The code changes every 30 seconds or so, and only the person with your phone has the code, so it becomes much more difficult to hack your access.

Hide the login of the WP admin console

To connect to the back office of your WordPress site, two elements are necessary: the login and the password. You set the password, but if you write blog articles, for example, your login may be displayed in plain view on your article pages simply because the author name happens to be the same as the login.

Use a Nickname different from your Username when you create a user.

The WPS Hide Login plugin, on the other hand, allows you to change the access URL to your back office, which is normally the same on every site (yourresiteweb.com/wp-admin). This is one more way to limit access to the admin area of your website and to further secure your WordPress site.

Or finally, you can call on a professional who will take care of updating your site using specialised monitoring tools.
